# global keys
settings=Settings
configPasswordEncoder=Weak encryption
strongConfigPasswordEncoder=Strong encryption
plainTextConfigPasswordEncoder=Plain text
digestPasswordEncoder=Digest
plainTextPasswordEncoder=Plain text
pbePasswordEncoder=Weak PBE
strongPbePasswordEncoder=Strong PBE  
nullPasswordEncoder=Null
emptyPasswordEncoder=Empty
notAdmin=Settings only changeable by users with full administrative privileges.

# menu keys
category.security=Security
security.settings.title=Settings
security.settings.description=Configure global security settings
security.auth.title=Authentication
security.auth.description=Authentication providers and settings
security.passwd.title=Passwords
security.passwd.description=Password settings
security.userGroupRole.title=Users, Groups, Roles
security.userGroupRole.description=Manage users, groups, and roles
security.data.title=Data
security.data.description=Edit data access rules
security.service.title=Services
security.service.description=Edit service access rules
security.urlcheck.title=URL Checks
security.urlcheck.description=Control External URLs that Geoserver can access

# security service implementation titles

# enums
RoleSource.UserGroupService=User group service
RoleSource.RoleService=Role service
RoleSource.Header=Request header
RoleSource.J2EE=J2EE

RequestFilterChain.web=Web UI
RequestFilterChain.webLogin=Web UI Login
RequestFilterChain.webLogout=Web UI Logout
RequestFilterChain.rest=REST
RequestFilterChain.gwc=GWC
RequestFilterChain.default=Default

# user/group services
org.geoserver.security.GeoServerUserGroupService.title=User Group Service
org.geoserver.security.xml.XMLUserGroupService.name=XML
org.geoserver.security.xml.XMLUserGroupService.title=Default XML user/group service
org.geoserver.security.impl.MemoryUserGroupService.title=Test user/group service
org.geoserver.security.impl.ReadOnlyUGService.title=Test read-only user/group service

# role services
org.geoserver.security.GeoServerRoleService.title=Role Service
org.geoserver.security.xml.XMLRoleService.name=XML
org.geoserver.security.xml.XMLRoleService.title=Default XML role service
org.geoserver.security.impl.GeoServerJ2eeRoleService.name=J2EE
org.geoserver.security.impl.GeoServerJ2eeRoleService.title=J2EE role service 
org.geoserver.security.impl.MemoryRoleService.title=Test user/group service
org.geoserver.security.impl.ReadOnlyRoleService.title=Test read-only role service

# password validators
org.geoserver.security.password.PasswordValidator.title=Password Policy
org.geoserver.security.validation.PasswordValidatorImpl.name=Basic
org.geoserver.security.validation.PasswordValidatorImpl.title=Basic password policy

# authentication providers/filters
org.geoserver.security.GeoServerAuthenticationProvider.title=Authentication Provider
org.geoserver.security.auth.UsernamePasswordAuthenticationProvider.name=Basic username/password
org.geoserver.security.auth.UsernamePasswordAuthenticationProvider.title=Basic username/password authentication
org.geoserver.security.filter.GeoServerAuthenticationFilter.title=Authentication Filter
org.geoserver.security.filter.GeoServerJ2eeAuthenticationFilter.name=J2EE
org.geoserver.security.filter.GeoServerJ2eeAuthenticationFilter.title=J2EE container authentication
org.geoserver.security.filter.GeoServerX509CertificateAuthenticationFilter.name=X.509
org.geoserver.security.filter.GeoServerX509CertificateAuthenticationFilter.title=X.509 certificate authentication
org.geoserver.security.filter.GeoServerRequestHeaderAuthenticationFilter.name=HTTP Header
org.geoserver.security.filter.GeoServerRequestHeaderAuthenticationFilter.title=HTTP request header authentication
org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.name=Basic
org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.title=Basic HTTP authentication
org.geoserver.security.filter.GeoServerDigestAuthenticationFilter.name=Digest
org.geoserver.security.filter.GeoServerDigestAuthenticationFilter.title=Digest HTTP authentication
org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.name=Anonymous
org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.title=Anonymous authentication
org.geoserver.security.filter.GeoServerRememberMeAuthenticationFilter.name=Remember Me
org.geoserver.security.filter.GeoServerRememberMeAuthenticationFilter.title=Remember me authentication
org.geoserver.security.filter.GeoServerRememberMeAuthenticationFilter.name=Remember Me
org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.Name=Form
org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.title=Form authentication
org.geoserver.security.filter.GeoServerCredentialsFromRequestHeaderFilter.name=Credentials From Headers
org.geoserver.security.filter.GeoServerCredentialsFromRequestHeaderFilter.title=Credentials From Request Headers

# master password providers
org.geoserver.security.MasterPasswordProvider.title=Password Provider
org.geoserver.security.password.URLMasterPasswordProvider.name=URL
org.geoserver.security.password.URLMasterPasswordProvider.title=Default URL keystore password provider

# security settings page
SecuritySettingsPage.title=Security Settings
SecuritySettingsPage.description=Configure security settings
SecuritySettingsPage.activeRoleService=Active role service
SecuritySettingsPage.encryption=Encryption
SecuritySettingsPage.encryptionHelp.title=Password Encryption
SecuritySettingsPage.encryptionHelp=<p>GeoServer provides a number of methods for encrypting passwords.\
<ul>\
<li><b>Plain text</b> encryption is essentially no encryption at all and passwords are stored as plain text.</li>\
<li><b>Digest</b> encryption encodes passwords with using a SHA 256 bit digest method. By default the \
implementation computes a random salt.</li>\
<li><b>Weak PBE</b> encryption encodes passwords using a password based encryption method.</li>\
<li><b>Strong PBE</b> encryption encodes passwords using a much stronger password based encryption \
method based on AES 256 bit encryption.</li>\
</p>\
<p>\
With PBE, the strong encryption method is not natively available on all Java virtual machines. In such an \
environment it is recommended that the JCE Unlimited Strength Jurisdiction Policy Files be installed \
in the virtual machine.</p>\
<p>The Oracle JCE policy jars can be downloaded from from <a href="http://www.oracle.com/technetwork/java/javase/downloads/index.html">here</a>.\
The IBM JCE policy jars can be downloaded from from <a href="https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk">here</a>.</p>
SecuritySettingsPage.noStrongEncryption=No strong cryptography available, installation of the unrestricted policy jar files is recommended
SecuritySettingsPage.strongEncryption=Strong cryptography available

# named service panels
SecurityNamedServiceNewPage.new=New ${title1}
SecurityNamedServiceNewPage.create=Create and configure a new ${title2}
SecurityNamedServiceNewPage.title=
SecurityNamedServiceNewPage.description=

SecurityNamedServiceEditPage.title=
SecurityNamedServiceEditPage.description=
SecurityNamedServiceEditPage.copy=Copy
SecurityNamedServiceEditPage.error=Error
SecurityNamedServiceEditPage.settings=Settings

SecurityNamedServicePanel.settings=Settings

SecurityNamedServicesPanel.addNew=Add new
SecurityNamedServicesPanel.removeSelected=Remove selected
SecurityNamedServiceTablePanel.th.name=Name
SecurityNamedServiceTablePanel.th.type=Type


SecurityFilterChainsPanel.addServiceChain=Add service chain
SecurityFilterChainsPanel.addHtmlChain=Add HTML chain
SecurityFilterChainsPanel.removeSelected=Remove selected
SecurityFilterChainsPanel.th.name=Name
SecurityFilterChainsPanel.th.patternString=Patterns
SecurityFilterChainsPanel.th.httpMethods=HTTP methods
SecurityFilterChainsPanel.th.disabled=No Security
SecurityFilterChainsPanel.th.allowSessionCreation=HTTP Session
SecurityFilterChainsPanel.th.requireSSL=SSL
SecurityFilterChainsPanel.th.hasRoleFilter=Role Filter
SecurityFilterChainsPanel.th.matchHTTPMethod=Check HTTP Method
SecurityFilterChainsPanel.th.up=Up
SecurityFilterChainsPanel.th.down=Down
SecurityFilterChainsPanel.th.position=Position
SecurityFilterChainsPanel.th.remove=Remove

EncryptionPanel.encryptingUrlParams=Encrypt web admin URL parameters
EncryptionPanel.passwordEncryption=Password encryption

# user pages
AbstractUserPage.username=User name
AbstractUserPage.enabled=Enabled
AbstractUserPage.groups=Groups
AbstractUserPage.adminGroups=Administrator for groups
AbstractUserPage.password=Password
AbstractUserPage.confirmPassword=Confirm password
AbstractUserPage.properties=User properties
AbstractUserPage.calculatedRoles=Derived Roles
AbstractUserPage.calculateroles=Recalculate role list 
AbstractUserPage.saveError=An error occurred while saving the user: {0}
AbstractUserPage.passwordMismatch=Password and password confirmation are different
AbstractUserPage.noAdminGroups=Group administrator role assigned but no groups selected

NewUserPage.title=Add a new user
NewUserPage.description=Specify a new user name, password, properties and associate groups/roles with the user. 

EditUserPage.title=Edit user
EditUserPage.description=You can update the password, enable/disable the user or change user roles and user groups

UserPanel.title=Users list
UserPanel.description=Manage users known to GeoServer
UserPanel.addUser=Add new user
UserPanel.addNew=Add new user
UserPanel.removeUser=Remove {0}
UserPanel.removeSelected=Remove Selected
UserPanel.removeSelectedWithRoles=Remove Selected and remove role associations 
UserPanel.confirmRemoveUser=Really want to remove user "{0}"?
UserPanel.removeError=An error occurred while removing the user: {0}
UserPanel.noCreateStore=This user group service is read-only.
UserPanel.th.username=Username
UserPanel.th.roles=Roles
UserPanel.th.enabled=Enabled
UserPanel.th.hasattributes=Has Attributes

# group pages
AbstractGroupPage.groupname=Group name
AbstractGroupPage.enabled=Enabled
AbstractGroupPage.saveError=An error occurred while saving the group: {0}

NewGroupPage.title=Add a new group
NewGroupPage.description=Specify a new group name  and associate roles with the group. 

EditGroupPage.title=Edit group
EditGroupPage.description=You can enable/disable the group or change group roles
EditGroupPage.groupMembers=Group Members
EditGroupPage.th.username=Username

GroupPanel.title=Group list
GroupPanel.description=Manage groups known to GeoServer
GroupPanel.addGroup=Add new group
GroupPanel.addNew=Add new group
GroupPanel.removeGroup=Remove {0}
GroupPanel.removeSelected=Remove Selected
GroupPanel.removeSelectedWithRoles=Remove Selected and remove role associations
GroupPanel.confirmRemoveGroup=Really want to remove group "{0}"?
GroupPanel.removeError=An error occurred while removing the group: {0}
GroupPanel.noCreateStore=This user group service is read-only.
GroupPanel.th.groupname=Groupname
GroupPanel.th.enabled=Enabled
GroupPanel.th.remove=Remove

UserGroupPaletteFormComponent.groups=Groups
UserGroupPaletteFormComponent.addGroup=Add a new group

# role pages
AbstractRolePage.anonymousRole=Anonymous role
AbstractRolePage.personalizedRole=Role personalized for user {0}
AbstractRolePage.name=Name
AbstractRolePage.parent=Parent role
AbstractRolePage.properties=Role properties 
AbstractRolePage.saveError=An error occurred while saving the role: {0}

NewRolePage.title=Add a new role
NewRolePage.description=Specify a new role name and associate parent roles and role parameters 

EditRolePage.title=Edit role
EditRolePage.description=You can change the role hierarchy and the role parameters 
 
RolePanel.title=Role list
RolePanel.description=Manage roles known to GeoServer
RolePanel.addRole=Add new role
RolePanel.addNew=Add new role
RolePanel.removeRole=Remove {0}
RolePanel.removeSelected=Remove Selected
RolePanel.confirmRemoveRole=Really want to remove role "{0}"?
RolePanel.removeError=An error occurred while removing the role: {0}
RolePanel.noCreateStore=This role service is read-only.
RolePanel.th.rolename=Role
RolePanel.th.parentrolename=Parent
RolePanel.th.hasroleparams=Parameters
RolePanel.th.remove=Remove

RolePaletteFormComponent.roles=Roles
RolePaletteFormComponent.rolesFromActiveService=Roles taken from active role service: {0}
RolePaletteFormComponent.addRole=Add a new role
RuleRolesFormComponent.anyRole=Grant access to any role

ErrorPanel.stacktrace=Stack trace 

# Component used for editing roles in user,group and rule pages

AbstractDataAccessRulePage.READ=Read
AbstractDataAccessRulePage.WRITE=Write
AbstractDataAccessRulePage.ADMIN=Admin
AbstractDataAccessRulePage.workspace=Workspace
AbstractDataAccessRulePage.globalGroup=Global layer group
AbstractDataAccessRulePage.globalGroupRule=Global layer group rule
AbstractDataAccessRulePage.layerGroup=Layer and groups
AbstractDataAccessRulePage.accessMode=Access mode
AbstractDataAccessRulePage.emptyRoles=Rule has no role(s) associated

NewDataAccessRulePage.title=New data access rule
NewDataAccessRulePage.description=Configure a new data access rule
NewDataAccessRulePage.saveError=Error occurred while saving the rule on disk: {0}
NewDataAccessRulePage.duplicateRule=Rule {0} already exists in the rule list

EditDataAccessRulePage.title=Edit existing data access rule
EditDataAccessRulePage.description=Modify an existing data access rule. Mind, layer group containment rules only affect WMS.

AbstractServiceAccessRulePage.service=Service
AbstractServiceAccessRulePage.operation=Operation
AbstractServiceAccessRulePage.method=Method
AbstractServiceAccessRulePage.emptyRoles=Rule has no role(s) associated

ServiceAccessRulePage.title=Service access rules list
ServiceAccessRulePage.description=Manage service level security: edit, add and remove access rules
ServiceAccessRulePage.addRule=Add new rule
ServiceAccessRulePage.addNew=Add new rule
ServiceAccessRulePage.removeRule=Remove {0}
ServiceAccessRulePage.confirmRemoveRule=Really want to remove rule "{0}"?
ServiceAccessRulePage.removeError=An error occurred while removing the rule: {0}
ServiceAccessRulePage.th.key=Rule path
ServiceAccessRulePage.th.roles=Roles
ServiceAccessRulePage.th.remove=Remove

NewServiceAccessRulePage.title=New service access rule
NewServiceAccessRulePage.description=Configure a new service access rule
NewServiceAccessRulePage.saveError=Error occurred while saving the rule on disk: {0}
NewServiceAccessRulePage.duplicateRule=Rule {0} already exists in the rule list

EditServiceAccessRulePage.title=Edit existing service access rule
EditServiceAccessRulePage.description=Modify an existing service access rule

# data security pages
DataSecurityPage.title=Data Security
DataSecurityPage.description=Manage data security: edit, add and remove access rules
DataSecurityPage.addRule=Add new rule
DataSecurityPage.addNew=Add new rule
DataSecurityPage.removeSelected=Remove Selected(s)
DataSecurityPage.catalogMode=Set global catalog mode
DataSecurityPage.HIDE=HIDE
DataSecurityPage.MIXED=MIXED
DataSecurityPage.CHALLENGE=CHALLENGE
DataSecurityPage.removeRule=Remove {0}
DataSecurityPage.confirmRemoveRule=Really want to remove rule "{0}"?
DataSecurityPage.removeError=An error occurred while removing the rule: {0}
DataSecurityPage.th.key=Rule path
DataSecurityPage.th.roles=Roles
DataSecurityPage.th.remove=Remove
DataSecurityPage.catalogModeHelp.title=Catalog Mode
DataSecurityPage.catalogModeHelp=<p>The catalog mode specifies how to expose layers and resources in the catalog \
that a user does not have privileges or via anonymous access.</p>\
<p><strong>HIDE</strong> is the default mode and hides layers that the user does not have read \
    access for. This is the most secure catalog mode. In the event the user has read but not write permissions this mode forces the layer to be read only. This \
    mode excludes layers from the capabilities document that the user does not have read permissions for. Because of this \
    this mode does not work very well with clients such as uDig or Google Earth, where authentication occurs only if the \
    server returns a HTTP 401 after an attempt to access a secured layer.</p>\
<p><strong>MIXED</strong> mode hides all layers the user does not have read permission for but \
    triggers authentication for any other attempt to access the layer or its metadata directly. This mode is useful in cases \
    where a layer is not to be advertised in a capabilities document, but select access to the layer may be granted to users \
    (DataSecurityPage authentication) who are given direct access to the layer.</p>\
<p><strong>CHALLENGE</strong> mode allows free access to layer metadata, but issues a 401 \
    code triggering authentication for any attempt to access the layer data. This mode lists all layers in a service \
    capabilities document and allows operations that return only metadata such as GetFeatureInfo and DescribeFeatureType \
    without authentication. Any operation like GetMap or GetFeature that require actual data access result in a 401 code \
    triggering authentication. This mode works well with capabilities driven clients such as uDig.</p>\

DataSecurityPage.HIDE=HIDE
DataSecurityPage.MIXED=MIXED
DataSecurityPage.CHALLENGE=CHALLENGE

AbstractConfirmRemovelPanel.aboutRemove     = Are you sure you want to remove these objects?
AbstractConfirmRemovelPanel.removedObjects  =The following objects will be removed
AbstractConfirmRemovelPanel.problems  =The following objects cannot be removed
AbstractConfirmRemovalPanel.rules=Objects

ConfirmRemovalDataAccessRulePanel.rules          = Rule(s)
ConfirmRemovalUserPanel.rules          = User(s)
ConfirmRemovalGroupPanel.rules         = Group(s)
ConfirmRemovalRolePanel.rules          = Role(s)
ConfirmRemovalServicePanel.rules          = Service(s)
ConfirmRemovalNamedServicePanel.rules = Security services 

SelectionNamedServiceRemovalLink.confirmRemoval=Confirm security service removal
SelectionDataRuleRemovalLink.confirmRemoval = Confirm object removal
SelectionUserRemovalLink.confirmRemoval  = Confirm object removal
SelectionGroupRemovalLink.confirmRemoval = Confirm object removal
SelectionRoleRemovalLink.confirmRemoval  = Confirm object removal
SelectionServiceRemovalLink.confirmRemoval = Confirm object removal

# authentication page
AuthenticationPage.title=Authentication
AuthenticationPage.description=Authentication providers and settings
AuthenticationPage.logoutSettings=Logout settings
AuthenticationPage.redirectURL=Redirect URL after logout (empty,absolute or relative to context root)
AuthenticationPage.sslSettings=SSL settings
AuthenticationPage.sslPort=SSL Port (default is 443)
AuthenticationPage.bfEnabled=Enabled
AuthenticationPage.bruteForceSettings=Brute force attack prevention settings
AuthenticationPage.bfMinDelaySeconds=Minimum delay on failed authentication (seconds)
AuthenticationPage.bfMaxDelaySeconds=Maximum delay on failed authentication (seconds)
AuthenticationPage.bfInvalidMinMax=Invalid min/max delay fields, maximum must be greater or equal than minimum
AuthenticationPage.bfMaxBlockedThreads=Maximum number of threads blocked on failed login delay
AuthenticationPage.bfWhitelistedNetmasks=Excluded network masks (comma separated)
AuthenticationPage.invalidMask=Invalid network mask '{0}'
AuthenticationPage.authFilters=Authentication Filters
AuthenticationPage.authFiltersHelp.title=Authentication Filters
AuthenticationPage.authFiltersHelp=<p>Authentication filters provide a method or mechanism for \
 authentication and fall into two main categories:\
 <ol>\
 <li>Filters that gather and process authentication information</li>\
 <li>Filters that do actual authentication</li>\
 </ol>\
 </p>\
 <p>\
 The first category of filters are meant to be used in conjunction with an authentication provider. \
 In this scenario the filter acts as a pre-processor whose job is to simply gather security credentials \
 and it is the job of the provider to actually perform the authentication. An example is HTTP basic \
 authentication in which the filter processes the HTTP basic auth header, extracting the username and \
 password. Those credentials are then later processed by the provider to perform the actual \
 authentication of the user.</p>\
 <p>The second category of filters are typically used in situations where authentication happens externally \
 and are referred to as "pre-authentication" filters. Such filters recognize and process information from \
 a pre-authentication and allow a request to proceed as authenticated. This category of filter does not \
 require an authentication provider since the authentication has already taken place. An example would be \
 a system that uses Siteminder for authentication, passing through the authenticated username in a request \
 header.\
 </p>
AuthenticationPage.authProviders=Authentication Providers
AuthenticationPage.authProvidersHelp.title=Authentication Providers

AuthenticationPage.authProvidersHelp=<p>Authentication providers are the mechanism through which a \
 a user is authenticated using some pre-defined authentication method.</p> 

AuthenticationPage.authChains=Filter Chains
AuthenticationPage.authChainsHelp.title=Filter Authentication Chains
AuthenticationPage.authChainsHelp=<p>Add, edit and remove individual chains</p>\
<p>Different authentication mechanisms are available for each chain type. HTML chains should \
be used for chains returning HTML pages, service chains for all other kind of services.</p> \
<p>The order of the filter chains is important. The first \
chain matching an incoming request processes the request.</p>

AuthenticationPage.filterChain=Filter chain testing
AuthenticationPage.filterChainHelp.title=Filter testing
AuthenticationPage.filterChainHelp=<p>Chain testing is done by \
specifying an HTTP method and the URL path excluding the context root. As an example, for testing \
<strong>http://localhost:8080/geoserver/wms?request=getCapabilities</strong> the test URL path is \
<strong>/wms</strong></p>

AuthenticationPage.httpMethod=HTTP method for testing
AuthenticationPage.urlPath=URL path for testing 
AuthenticationPage.chainTestResult=Responsible chain
AuthenticationPage.chainTest=Find chain

AuthenticationPage.providerChain=Provider Chain
AuthenticationPage.providerChainHelp.title=Provider Authentication Chain
AuthenticationPage.providerChainHelp=<p>The GeoServer authentication chain defines the order in which \
 authentication providers are applied to a request in order to authenticate a user. Upon an incoming \
 request, each provider in the chain is processed in order and given a chance to authenticate. Each \
 provider may do one of three things:\
 <ol>\
 <li>Signal a successful authentication if the user specified good credentials. When a successful \
 authentication occurs chain processing is stopped.</li>\
 <li>Signal an unsuccessful authentication if the user specified bad credentials. When an unsuccessful \
 authentication occurs chain processing is stopped.</li>\
 <li>Ignore the authentication request in cases where the provider does not apply to the method of \
 authentication. For example if HTTP digest authentication is being used a basic username password \
 authentication provider would simply ignore it. In this case the authentication chain processing \
 continues to the next provider in the chain.</li>\
 </ol>\
 </p>\
 <p>\
 If no provider in the chain is capable of authenticating the request an error (usually a 401) is sent \
 back to the user.</p>

AuthenticationPage.requestChain=Request Chain

SecurityFilterChainPage.title=Filter chain
SecurityFilterChainPage.description=Configure an individual filter chain
SecurityFilterChainPage.name=Name
SecurityFilterChainPage.disabled=Disable security for this chain
SecurityFilterChainPage.allowSessionCreation=Allow creation of an HTTP session for storing the authentication token
SecurityFilterChainPage.patternString=Comma delimited list of ANT patterns (with optional query string)
SecurityFilterChainPage.requireSSL=Accept only SSL requests
SecurityFilterChainPage.roleFilterName=Role filter
SecurityFilterChainPage.matchHTTPMethod=Activate HTTP method matching
SecurityFilterChainPage.close=Close
SecurityFilterChainPage.chainConfig=Chain settings
SecurityFilterChainPage.chainConfigHelp.title=Chain settings
SecurityFilterChainPage.chainConfigHelp=<p>The name of the chain must be unique. It is possible to \
specify more than one ANT pattern: <strong>/wms/**,/wfs**</strong></p>\
<p>For each ANT pattern it is also possible to specify an optional query string regular expression \
matcher with the following syntax: \
<strong>/wms/**|.*request=GetCapabilities.*</strong> where the query string regular expression is \
separated from the ANT pattern with a | (pipe) separator.</p>\
<p>Disabling security removes \
 all security filters from this chain.</p><p>HTTP session creation should be allowed \
for interactive sessions but not for web services. Of course, there are exceptions to this rule.</p> 
SecurityFilterChainPage.chainConfigMethod=HTTP method matching
SecurityFilterChainPage.chainConfigMethodHelp.title=HTTP method matching
SecurityFilterChainPage.chainConfigMethodHelp=<p>Turn on HTTP method matching to specify the \
HTTP methods this chain is responsible for.</p>

 
SecurityVariableFilterChainPage.interceptorName=Interceptor filter
SecurityVariableFilterChainPage.exceptionTranslationName=Exception translation filter

SecurityVariableFilterChainPage.chainConfigFilter=Chain filters
SecurityVariableFilterChainPage.chainConfigFilterHelp.title=Chain filters
SecurityVariableFilterChainPage.chainConfigFilterHelp=<p>The role filter is optional, if active, the roles of \
 an authenticated principal are sent back using an HTTP response header.<p>The interceptor is a \
technical filter, the default is <strong>interceptor</strong>.</p><p>It is possible to put more \
than one authentication filter on the chain. The last filter filter is responsible for \
challenging an unauthenticated principal.</p>



# password policy page 
PasswordPolicyPage.title=Password Policy
PasswordPolicyPage.description=Manage password policies

PasswordPolicyPanel.short=Basic
PasswordPolicyPanel.title=Basic Password Policy
PasswordPolicyPanel.description=Default password policy providing basic options
PasswordPolicyPanel.minLength=Minimum length
PasswordPolicyPanel.maxLength=Maximum length (-1  for unlimited length)
PasswordPolicyPanel.digitRequired=Must contain a digit
PasswordPolicyPanel.uppercaseRequired=Must contain an uppercase letter
PasswordPolicyPanel.lowercaseRequired=Must contain a lowercase letter
PasswordPolicyPanel.unlimitedLength=Unlimited password length

# authentication page
AuthenticationProviderPage.title=Authentication provider
AuthenticationProviderPage.description=Manage authentication providers

UsernamePasswordAuthProviderPanel.short=Username Password
UsernamePasswordAuthProviderPanel.title=Username Password Authentication
UsernamePasswordAuthProviderPanel.description=Default username password authentication that works against a user group service
UsernamePasswordAuthProviderPanel.userGroupService=User Group Service

AnonymousAuthFilterPanel.short=Anonymous
AnonymousAuthFilterPanel.title=Anonymous Authentication
AnonymousAuthFilterPanel.description=Authenticates anonymously performing no actual authentication 

RememberMeAuthFilterPanel.short=Remember Me
RememberMeAuthFilterPanel.title=Remember Me Authentication
RememberMeAuthFilterPanel.description=Authenticates by recognizing authentication from a previous request

FormAuthFilterPanel.short=Form
FormAuthFilterPanel.title=Form authentication
FormAuthFilterPanel.description=Authenticates by processing username/password from a form submission
FormAuthFilterPanel.usernameParameter=Username parameter
FormAuthFilterPanel.passwordParameter=Password parameter

J2eeAuthFilterPanel.short=J2EE
J2eeAuthFilterPanel.title=J2EE Container Authentication
J2eeAuthFilterPanel.description=Delegates to servlet container for authentication
J2eeAuthFilterPanel.roleService=Role Service

X509AuthFilterPanel.short=X.509
X509AuthFilterPanel.title=X.509 Certificate Authentication
X509AuthFilterPanel.description=Authenticates by extracting the common name (cn)  of a X.509 certificate

PreAuthenticatedUserNameFilterPanel.roleSource=Role source
PreAuthenticatedUserNameFilterPanel.rolesHeaderAttribute=Request header attribute for roles
PreAuthenticatedUserNameFilterPanel.roleSourceHelp.title=Role source
PreAuthenticatedUserNameFilterPanel.roleSourceHelp=\
<p>If the <strong>role source</strong> is <strong>User group service</strong>, the name of the service has to be specified.</p> \
<p>If the <strong>role source</strong> is <strong>Role service</strong>, the name of the service has to be specified.</p> \
<p>If the <strong>role source</strong> is <strong>Request header</strong>, the name of the HTTP header attribute has to be specified.\
The content of this attribute are the roles of the principal. The default role delimiter is the semicolon <strong>;</strong>.\
GeoServer accepts the sent roles without verification.</p>

HeaderAuthFilterPanel.short=HTTP Header
HeaderAuthFilterPanel.title=HTTP Request Header Authentication
HeaderAuthFilterPanel.description=Authenticates by checking existence of an HTTP request header  
HeaderAuthFilterPanel.principalHeaderAttribute=Request header attribute

BasicAuthFilterPanel.short=Basic
BasicAuthFilterPanel.title=Basic authentication
BasicAuthFilterPanel.description=Authenticates using HTTP basic authentication  
BasicAuthFilterPanel.useRememberMe=Enable Remember Me 

DigestAuthFilterPanel.short=Digest
DigestAuthFilterPanel.title=Digest authentication
DigestAuthFilterPanel.description=Authenticates using HTTP digest authentication  
DigestAuthFilterPanel.userGroupService=User group service
DigestAuthFilterPanel.nonceValidityDuration=Nonce validity duration (seconds)


CredentialsFromRequestHeaderFilterPanel.title=Credentials From Request Headers
CredentialsFromRequestHeaderFilterPanel.short=Credentials From Headers
CredentialsFromRequestHeaderFilterPanel.description=Authenticates by looking up for credentials sent in headers
CredentialsFromRequestHeaderFilterPanel.userNameHeaderName=Username Header
CredentialsFromRequestHeaderFilterPanel.userNameRegex=Regular Expression for Username
CredentialsFromRequestHeaderFilterPanel.passwordHeaderName=Password Header
CredentialsFromRequestHeaderFilterPanel.passwordRegex=Regular Expression for Password 
CredentialsFromRequestHeaderFilterPanel.parseAsUriComponents=Parse Arguments as Uri Components
CredentialsFromRequestHeaderFilterPanel.authHeaderParameters=Parameters for Credentials From Request Headers
CredentialsFromRequestHeaderFilterPanel.authHeaderParametersHelp.title=Credentials From Request Headers Authentication
CredentialsFromRequestHeaderFilterPanel.authHeaderParametersHelp=<p>This filter is used to get \
credentials (username and password) from request headers. \
Username and password can be fetched from the same header or from different ones. \
A couple of regex expression with (only) one group must be used to retrieve a credential from the related header.\
<br/>\
An example of usage with Apache HTTPD mod_auth_form used as the GeoServer frontend:<br/>\
<div style="white-space\: pre\; font-family\: monospace">\
Session On<br/>\
SessionEnv On<br/>\
RequestHeader set X-Credentials "%{HTTP_SESSION}e"<br/>\
</div><br/>\
NOTE: to use the mod_auth_form be sure to check Parse Arguments as Uri Components \
</p>


# user/group/role page
UserGroupRoleServicesPage.title=Users, Groups, and Roles
UserGroupRoleServicesPage.description=Manage user group and role services
UserGroupRoleServicesPage.userGroupServices=User Group Services
UserGroupRoleServicesPage.userGroupServicesHelp.title=User Group Services
UserGroupRoleServicesPage.userGroupServicesHelp=<p>A user group service is a source of information for \
users, passwords, and group affiliation. Many authentication providers make use of a user group service \
as the backend database for looking up user information, and performing password authentication.</p>\
<p>A user group service can be read only in that it serves only as a source of user information, and not \
one in which new users can be added to. Whether a user group service is read/write is dependent on the \
specific implementation.</p>
UserGroupRoleServicesPage.roleServices=Role Services
UserGroupRoleServicesPage.roleServicesHelp.title=Role Services
UserGroupRoleServicesPage.roleServicesHelp=<p>A user group service is a source of roles or granted authorities \
for users and groups. At any given time only a single role service may be active. The active role service \
is used by user group services when loading user information to determine what roles to grant to a user.</p>\
<p>Similar to user group services a role service can be read or write. Read only services do not allow for the \
creation of new roles.</p>
UserGroupRoleServicesPage.services=Services
UserGroupRoleServicesPage.usersgroups=Users/Groups
UserGroupRoleServicesPage.roles=Roles

UserGroupServicePanel.passwordEncryption=Password encryption
UserGroupServicePanel.passwordPolicy=Password policy
UserGroupServicePanel.recodeExistingPasswords=Recode existing passwords
UserGroupServicePanel.users=Users
UserGroupServicePanel.groups=Groups
UserGroupServicePanel.passwords=Passwords
UserGroupServicesPanel.th.passwordEncoderName=Password Encryption
UserGroupServicesPanel.th.passwordPolicyName=Password Policy

XMLUserGroupServicePanel.short=XML
XMLUserGroupServicePanel.title=XML User Group Service
XMLUserGroupServicePanel.description=Default user group service stored as XML
XMLUserGroupServicePanel.settings=Settings
XMLUserGroupServicePanel.fileName=XML filename
XMLUserGroupServicePanel.validating=Enable schema validation
XMLUserGroupServicePanel.checkInterval=File reload interval in milliseconds (0 disables)

MemoryUserGroupServicePanel.short=Memory
MemoryUserGroupServicePanel.title=Memory User Group Service
MemoryUserGroupServicePanel.description=Test user group service persisted in memory
MemoryUserGroupServicePanel.toBeEncrypted=Fields to be encrypted

ReadOnlyUserGroupServicePanel.short=Read-only
ReadOnlyUserGroupServicePanel.title=Read-only User Group Service
ReadOnlyUserGroupServicePanel.description=Test read-only user group service persisted in memory

RoleServicePanel.adminRole=Administrator role
RoleServicePanel.groupAdminRole=Group administrator role
RoleServicePanel.roles=Roles
RoleServicesPanel.th.adminRoleName=Administrator Role

XMLRoleServicePanel.short=XML
XMLRoleServicePanel.title=XML Role Service
XMLRoleServicePanel.description=Default role service stored as XML
XMLRoleServicePanel.fileName=XML filename
XMLRoleServicePanel.validating=Enable schema validation
XMLRoleServicePanel.checkInterval=File reload interval in milliseconds (0 disables)

J2eeRoleServicePanel.short=J2EE
J2eeRoleServicePanel.title=J2EE Role Service
J2eeRoleServicePanel.description=Role service extracting roles from web.xml


MemoryRoleServicePanel.short=Memory
MemoryRoleServicePanel.title=Memory Role Service
MemoryRoleServicePanel.description=Test role service persisted in memory
MemoryRoleServicePanel.toBeEncrypted=Fields to be encrypted

ReadOnlyRoleServicePanel.short=Read-only
ReadOnlyRoleServicePanel.title=Read-only Role Service
ReadOnlyRoleServicePanel.description=Test read-only role service persisted in memory

# password page
PasswordPage.title=Passwords
PasswordPage.description=Password settings
PasswordPage.changePassword=Change password
PasswordPage.masterPasswordInfo=Master password forgotten ?
PasswordPage.masterPasswordProvider=Active master password provider
PasswordPage.masterPasswordProviders=Master Password Providers
PasswordPage.masterPasswordProvidersHelp.title=Master Password Providers
PasswordPage.masterPasswordProvidersHelp=<p>The <strong>master password</strong> is central to \
 GeoServer security and serves two purposes:\
 <ol> \
  <li>It is the password for the root acount</li> \
  <li>It is used to protect encryption keys</li> \
 </ol> \
 </p>\
 <p>A <strong>Master Password Provider</strong> is a source of the GeoServer master password. The role \
 of the provider is to obtain the master password from the source, and optionally write it back to \
 the source on a master password change.</p> 

PasswordPage.passwordPolicies=Password Policies
PasswordPage.passwordPoliciesHelp.title=Password Policies
PasswordPage.passwordPoliciesHelp=<p>Password Policies define constraints on valid user \
 passwords such as password length, mix of case, and special characters. Each user group service \
 uses a password policy to enforce these rules.</p>

# password info page
MasterPasswordInfoPage.title=Dump master password
MasterPasswordInfoPage.description=Dump the master password to a file.
MasterPasswordInfoPage.fileName=File name
MasterPasswordInfoPage.dumpToFile=Dump to file
MasterPasswordInfoPage.back=Back
MasterPasswordInfoPage.unauthorized=Unauthorized master password dump request 
MasterPasswordInfoPage.fileNameEmpty=No file name given
MasterPasswordInfoPage.dumpInfo=Master password dumped to {0}, please read the content and remove \
this file manually.

MasterPasswordChangePage.title=Change Master Password
MasterPasswordChangePage.description=Change the GeoServer master password
MasterPasswordChangePage.changePassword=Change Password
MasterPasswordChangePage.currentPassword=Current password
MasterPasswordChangePage.masterPasswordProvider=Master password provider
MasterPasswordChangePage.newPassword=New password
MasterPasswordChangePage.newPasswordConfirm=Confirmation

MasterPasswordProviderPanel.readOnly=Read-only
MasterPasswordProviderPanel.loginEnabled=Allow "root" user to login as Admin
MasterPasswordProviderPanel.settingsHelp.title=Master Password Providers
MasterPasswordProviderPanel.settingsHelp=<p>A Master Password Provider is a source of the GeoServer \
 master password. A provider may be <strong>read-only</strong> in that it acts strictly as a source \
 of the master password, and does not allow a new password to be written back to it during a password \
 change.</p>
 
URLMasterPasswordProviderPanel.short=URL
URLMasterPasswordProviderPanel.title=URL Master Password Provider
URLMasterPasswordProviderPanel.description=Default provider that obtains master password from a URL
URLMasterPasswordProviderPanel.encrypting=Enable encryption
URLMasterPasswordProviderPanel.url=URL
URLMasterPasswordProviderPanel.urlHelp.title=URL Master Password Provider
URLMasterPasswordProviderPanel.urlHelp=<p>The URL Master Password Provider obtains the master password \
 from a URL. The URL may point to a local file, or an external resource or service. Non read-only \
 urls offer the option to <strong>encrypt</strong> the password to/from the URL source.</p>

SecurityWarningsPanel.userPropertiesOldFile=Please remove the file {0} because it contains user passwords in plain text. This file \
is a <b>security risk</b>.
SecurityWarningsPanel.masterPasswordFile=Please read the file {0} and remove it afterwards. This file \
is a <b>security risk</b>.
SecurityWarningsPanel.digestEncoding=The default user/group service should use digest password encoding.  
SecurityWarningsPanel.changeMasterPassword=The master password for this server has not been changed from \
  the default. It is <b>highly</b> recommended that you change it now.
SecurityWarningsPanel.changeAdminPassword=The administrator password for this server has not been changed from \
  the default. It is <b>highly</b> recommended that you change it now.
SecurityWarningsPanel.changeIt=Change it
SecurityWarningsPanel.embeddedDataDir=The embedded data directory is being used. It is <b>highly</b> \
  recommended that you change it to a location outside of the web application.

AuthFilterChainPalette.selectedHeader = Selected
AuthFilterChainPalette.availableHeader = Available

AuthenticationChainPalette.selectedHeader = Selected
AuthenticationChainPalette.availableHeader = Available

# default values for palette headers (avaliable/selected)
# if subclasses of PaletteFormComponent have no need to ovverride
# getSelectedHeaderPropertyKey() / getAvaliableHeaderPropertyKey()
PaletteFormComponent.selectedHeader = Selected
PaletteFormComponent.availableHeader = Available

RolePaletteFormComponent.selectedHeader = Selected Roles
RolePaletteFormComponent.availableHeader = Available Roles

RuleRolesFormComponent.selectedHeader = Selected Roles
RuleRolesFormComponent.availableHeader = Available Roles

UserGroupPaletteFormComponent.selectedHeader = Selected Groups
UserGroupPaletteFormComponent.availableHeader = Available Groups

URLChecksPage.title=URL External Access Checks
URLChecksPage.description=Configure URL Checks to allow access to external servers.
URLChecksPage.addNew = Add a new URL check
URLChecksPage.removeSelected = Remove selected URL checks
URLChecksPage.confirmDeleteTitle=Delete selected URL checks? 
URLChecksPage.confirmDeleteMessage={0} URL Checks will be deleted 
URLChecksPage.urlChecks = URL Check list
URLChecksPage.th.name    = Name
URLChecksPage.th.description    = Description
URLChecksPage.th.configuration  = Regular Expression
URLChecksPage.th.enabled  = Enabled
URLChecksPage.testChecks= Test URL Checks with external URL
URLChecksPage.testInput= URL to check
URLChecksPage.testURL= Test URL
URLChecksPage.testSuccess= URL is allowed, was matched by this check: {0}
URLChecksPage.testFail = No URL check matched the URL, it won't be allowed
URLChecksPage.confirmEnableTitle= Enable URL checks 
URLChecksPage.confirmEnableMessage= WARNING - Do you want to enable URL Checks?
URLChecksPage.confirmDisableTitle= Disable URL checks 
URLChecksPage.confirmDisableMessage= WARNING - Do you want to disable URL Checks? GeoServer will be allowed to access any URL.
URLChecksPage.checksControl = Enable/Disable URL Checks
URLChecksPage.checksEnabled = URL checks are enabled
URLChecksPage.checksDisabled = URL checks are NOT enabled


RegexCheckPage.title=Configure Regular Expression URL check
RegexCheckPage.description=Configure a regular expression to control outgoing requests
RegexCheckPage.nameLabel=Name
RegexCheckPage.descriptionLabel=Description
RegexCheckPage.regexLabel=Regular Expression
RegexCheckPage.enabledLabel=Enabled
RegexCheckPage.submitLabel=Submit
RegexCheckPage.cancelLabel=Cancel
RegexCheckPage.name.StringValidator.lengthBetween= Name should not be empty
RegexCheckPage.invalidRegex= Invalid regular expression: {0}
RegexCheckPage.duplicateRule= Another rule with the same name already exists: '{0}'